【Web逆向】某OF网站的OB解密及DRM过校验思路(上)
感谢videohelp论坛larley大神的解答!感谢吾爱破解论坛@涛之雨大神的帮助!
Aggregator
每周蓝军技术推送(2024.6.29-7.5)
1 year 9 months ago
关注高级攻防对抗技术热点,研究对手技术进行高级威胁模拟,研判攻击安全发展方向。
ZDI-CAN-24742: Google
1 year 9 months ago
A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz)' was reported to the affected vendor on: 2024-07-05, 48 days ago. The vendor is given until 2024-11-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-24370: Microsoft
1 year 9 months ago
A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Marcin Wiazowski' was reported to the affected vendor on: 2024-07-05, 48 days ago. The vendor is given until 2024-11-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-24622: Microsoft
1 year 9 months ago
A CVSS score 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Nitesh Surana (@_niteshsurana) of Trend Micro Research' was reported to the affected vendor on: 2024-07-05, 53 days ago. The vendor is given until 2024-11-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
Windows高级事件日志分析
1 year 9 months ago
Windows中有许多没有默认开启的事件日志,比如进程创建、DNS查询、文件监控、网络连接等。开启这些高级事件阅读更多
Zgao
超十亿规模!2024年上半年全球重大数据泄露事件盘点
1 year 9 months ago
权威认证 | 灵脉SAST独家通过中国信通院2024最新SAST工具能力评估
1 year 9 months ago
中国信通院公布2024上半年可信安全最新评估成果,悬镜灵脉SAST白盒代码审计平台成功通过软件供应链安全能力域-静态应用程序安全测试工具(SAST)能力评估。
顶流 | 悬镜安全连续四年霸榜《2024年中国网络安全市场全景图》开发安全赛道
1 year 9 months ago
首创代码疫苗关键技术和数字供应链安全情报预警体系,引领下一代数字供应链安全。
每周勒索威胁摘要
1 year 9 months ago
1.Embargo勒索团伙公布新的受害公司
2.Hunters勒索团伙公布了新的受害公司
3.pryx勒索团伙公布了新的受害者
谛听 工控安全月报 | 6月
1 year 9 months ago
6月│月报 谛听工控安全月报上线了,工信部的最新政策,6月发生的多起工控安全事件,谛听团队收集的最新攻击教据......更多安全资讯,请关注“谛听ditecting",每月更新!
搜索广告召回技术在美团的实践
1 year 9 months ago
本文整理自美团技术沙龙第81期《美团在广告算法领域的探索及实践》。首先介绍了美团搜索广告的三个阶段:多策略关键词挖掘、分层召回体系、生成式召回;然后重点介绍了生成式关键词召回、多模态生成式向量召回、生成式相关性判断在美团的实践。最后是一些经验分享及总结,希望能对大家有所帮助或启发。
美团技术团队
Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective
1 year 9 months ago
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.
Shubham Singh
【现场取证之Bitlocker加密问题】
1 year 9 months ago
在取证工作中Bitlocker加密对于调查人员早已司空见惯了。而对于Windows 10以及Windows 11版本的操作系统,甚至在首次激活和使用系统时,在默认情况下就会对磁盘驱动器进行加密。
【实验研究电子邮件的可篡改性和可追踪性】
1 year 9 months ago
摘自著作《电子证据认知新思路——基于实验的直观体现方式》
TTP威胁情报驱动威胁狩猎
1 year 9 months ago
Ransomware Locks Credit Union Users Out Of Bank Accounts
1 year 9 months ago
CapraRAT Malware Targeting Android Users With Fake Apps
1 year 9 months ago
Social media and teen mental health – Week in security with Tony Anscombe
1 year 9 months ago
Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?
深度报告 | 百度安全携手极越安全发布《整车安全渗透测试白皮书》
1 year 9 months ago
智能车安全渗透测试技术的专业文档